Security

Onboarding the next 1 billion users to Web3 will require building trust through transparency and openness. Auditability and accountability are key pillars in building that trust.

Smart Contract Audits

All audits to date have been carried out by Hacken.

GitHub repositories

The WLTH core contributors are deeply committed to open source software and to building in the open. Due to the wide-ranging uses and implications of the technology being built, and in the face of commercial interest in several parts of the system, it has been decided not to open source the protocol just yet. Links to the GitHub source code repositories will be made available here over time based on community vote.

User-centred privacy model

All personally-identifiable user information is encrypted in transit and at rest. In addition, all personally-identifiable information (PII) in the databases is salted, making it unreadable by humans should it ever be accessed outside of the system. Matomo is used as the analytics core, the same open source, privacy-first analytics platform used by the EU orgs behind GDPR. The system is self-hosted and managed on public cloud, but only with trusted Tier 1 providers.

Anti-sybil measures and 2FA

The system requires a single unique email address and at least one ERC-20 compatible wallet in order to secure and authenticate your account. This helps ensure fair representation in the community and helps prevent governance attacks on the protocol by improving sybil resistance. This will also be used to offer two-factor account authentication to users as an optional layer of account protection.

Anti-collusion

The system detects and prevents collusion amongst project participants and community members via social graph analysis and role-based authentication enforced via token-gating and smart contracts.

Anti-bot

A multi-layered system protects against bots. Cloudflare blocks bots at the network level using machine learning, while proprietary monitoring detects bot-like behavior within the application.

On-chain Governance

Initial off-chain governance will be via Snapshot or token-gated voting in the Community forums in the app. For on-chain governance the plan is to build our governance infrastructure on top of ColonyDAO’s framework and technology. See the ‘Governance’ section for more info.
